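# Account management for site users: listing, profile pages, sign-up,
# self-service profile edits and account deletion.
#
# Every action except +new+ and +create+ runs behind the +auth+ filter,
# which is defined outside this file. The signed-in identity is kept in
# session[:user_id], session[:user_name] and session[:user_login_id].
class UsersController < ApplicationController
  before_filter :auth, :except => ["new", "create"]
  layout "common_layout"

  # GETs should be safe (see http://www.w3.org/2001/tag/doc/whenToUseGet.html)
  verify :method => :post, :only => [ :destroy, :create, :update ],
         :redirect_to => { :action => :list }

  # Default action: shows the same paginated listing as +list+.
  def index
    list
    render :action => 'list'
  end

  # Loads one page of users (10 per page) into @user_pages / @users.
  def list
    @user_pages, @users = paginate :users, :per_page => 10
  end

  # Profile page: the user plus that user's board posts, newest first,
  # 20 per page. Both queries bind the id as a placeholder value.
  def show
    @user = User.find(params[:id])

    @board_post_total = BoardPost.count :conditions => ['user_id = ?  ', @user.id]

    @board_post_pages, @board_posts = paginate(:board_post,
                                               :conditions => [' user_id = ?  ', @user.id],
                                               :order => 'register_date DESC',
                                               :per_page => 20)
  end

  # Renders the empty sign-up form.
  def new
    @user = User.new
  end

  # Creates an account and signs the new user in. Reachable without
  # authentication (excluded from the +auth+ filter).
  def create
    # NOTE(review): params[:user] is mass-assigned as submitted. Confirm the
    # User model restricts assignable attributes (attr_accessible /
    # attr_protected) so a request cannot set fields the form does not offer.
    @user = User.new(params[:user])
    if @user.save
      flash[:notice] = 'User was successfully created.'
      # NOTE(review): the identity is written into the session the visitor
      # already had; consider issuing a fresh session id at sign-in.
      session[:user_id] = @user.id
      session[:user_name] = @user.name
      session[:user_login_id] = @user.login_id
      redirect_to :action => 'show', :id => @user.id
    else
      render :action => 'new'
    end
  end

  # Edit form; only the account owner may open it.
  def edit
    @user = User.find(params[:id])
    return if own_account?(@user)

    flash[:notice] = "자기 자신의 아이디만 수정할수 있습니다."
    redirect_to :action => 'show', :id => @user.id
  end

  # Applies profile changes; only the account owner may submit them.
  def update
    @user = User.find(params[:id])
    unless own_account?(@user)
      flash[:notice] = "자기 자신의 아이디만 수정할수 있습니다."
      redirect_to :action => 'show', :id => @user.id
      return
    end

    # NOTE(review): same mass-assignment caveat as in +create+.
    if @user.update_attributes(params[:user])
      flash[:notice] = 'User was successfully updated.'
      redirect_to :action => 'show', :id => @user
    else
      render :action => 'edit'
    end
  end

  # Deletes an account. The id comes from the request, so the action applies
  # the same ownership rule as +edit+ and +update+; without it any signed-in
  # user could delete any other account by changing params[:id].
  # NOTE(review): if administrators are meant to remove other accounts,
  # extend the check here instead of dropping it.
  def destroy
    @user = User.find(params[:id])
    unless own_account?(@user)
      flash[:notice] = 'You can only delete your own account.'
      redirect_to :action => 'show', :id => @user.id
      return
    end

    @user.destroy
    # The session must not keep pointing at a record that no longer exists.
    session[:user_id] = nil
    session[:user_name] = nil
    session[:user_login_id] = nil
    redirect_to :action => 'list'
  end

  private

  # True when +user+ is the account recorded in the current session.
  # A session without a user id never matches.
  def own_account?(user)
    session[:user_id] == user.id
  end
end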
